Solved: Trouble redistributing BGP->OSPF and OSPF->BGP

pille1234 · ‎06-29-2013

G'day everyone,

I have some trouble with redistributing OSPF to BGP and vice versa. The topology is the following, see attachment as well:

we have a redundant backbone ring connecting several separate locations. Each location (DC1, DC2, DC3, etc) has a redundant pair of routers connecting the local datacenter to the ring.

We plan to run VRF lite in the ring, so we have several OSPF processes running for different VRFs. Within the datacenters we use MPLS/iBGP. Now we want to redistribute the BGP routes per address familiy into the corresponding OSPF process and the other way around, redistribute the OSPF routes into BGP. However there the trouble begins: if we work with the default AD, we have iBGB AD 200 and OSPF AD 110. What happens is, the first router in DC1 distributes the BGP routes to OSPF, while the second router receives its own BGP routes via OSPF from his peer router and, due to the better AD of OSPF, starts to install a route pointing to his peer router instead of the southbound route into the connected datacenter.

If we change the OSPF AD to, say 210, we get another problem: router 1 in DC1 receives the networks of DC2 via OSPF and redistributes these into BGP. Router 2 in DC1 now receives these networks via BGP with AD200 and therefore ignores the ospf routes, effectivly killing the redundant path. This way there is no chance of loadbalancing and we would only utilize 1 path.

Right now I have no idea how or even if this problem could be solved. So your help is more than welcome

Regards Pille

milan.kulik · ‎07-01-2013

Hi Pille,

sorry, I misunderstood the routing description so far.

What about following:

if you decrease your OSPF AD to 210, e.g., and

a) configure a redistribution route-map to tag your OSPF prefixes when redistributed to BGP with a special BGP community X,

b) configure an iBGP neighbor route-map to deny iBGP prefixes tagged with X when received,

c) connect your Router1 and Router2 within the same DC via OSPF, not iBGP.

In this scenario:

1) R2 will never accept iBGP prefixes which were redistributed from OSPF by R1 originally (and vice versa) - tagged by X community,

2) R1 and R2 will always prefer their DC prefixes received via iBGP over the same prefixes received via OSPF - better iBGP AD,

3) In a case of R1 WAN line failure, it will use the path via R2 to connect to the WAN - WAN prefixes received via OSPF.

Best regards,

Milan

View solution in original post

Jeff Orr · ‎06-29-2013

Tag your routes when doing the first redistribution (bgp-->OSPF) then filter out or set AD based on the revived tag (OSPF-->BGP)

Gajendra R' · ‎06-29-2013

Hi Pille,

as per your question its a normal problem whenever there is multiple protocols come in picture.

as far as i know you you can use route tagging while you redistributing BGP into OSPF and config your DC1 second router peer as passive interface......

also you can you BGP backdoor for changing the AD value for OSPF

DC1# router ospf XX

network XXXXXX

router bgp ***

network XXXXX backdoor

thanks

pille1234 · ‎06-30-2013

Hi Jeff,

I'm not sure I understand how tagging and filtering may help here. Consider the following: DC1 with R1 and R2 and DC2 with R3 and R4

B----R1 ----- R3

G | |

P----R2 ------R4

As soon as I start to redistribute the local BGP-networks into OSPF on R1, R2 is learning these routes via OSPF from R1 and R4. What possibility is there to filter to force R2 to use the BGP-Routes instead of OSPF?

milan.kulik · ‎07-01-2013

Hi,

if you decrease your OSPF AD to 210, e.g., and configure redistribution route-maps to

a) tag your BGP prefixes when redistributed to OSPF with an X tag

b) not to redistribute OSPF prefixes tagged with X to BGP,

what's wrong then?

BTW, are you using eBGP or iBGP to connect your DCs?

You might need to filter the local prefixes from sending to the iBGP neighbor within the same DC.

The easiest way would be sending only eBGP prefixes.

If iBGP is used betwenn the DCs, you might need some prefix-list to deny the local DC prefixs on the iBGP connection to the second BGP router within the same DC.

Regards,

Milan

Message was edited by: MILAN KULIK

pille1234 · ‎07-01-2013

Hi Milan,

we use iBGP inside the DC and OSPF (VRF lite) between the DCs. The problem I expect and that I believe could not be solved by tagging and filtering is that as soon as the first router in DC1 redistributes the OSPF routes into BGP the second router in DC1 is going to prefer the newly received iBGP routes over the OSPF route, thus ignoring his own WAN link.

Is this a wrong assumption?

Going to test with GNS3...

Regards

Pille

milan.kulik · ‎07-01-2013

Hi Pille,

sorry, I misunderstood the routing description so far.

What about following:

if you decrease your OSPF AD to 210, e.g., and

a) configure a redistribution route-map to tag your OSPF prefixes when redistributed to BGP with a special BGP community X,

b) configure an iBGP neighbor route-map to deny iBGP prefixes tagged with X when received,

c) connect your Router1 and Router2 within the same DC via OSPF, not iBGP.

In this scenario:

1) R2 will never accept iBGP prefixes which were redistributed from OSPF by R1 originally (and vice versa) - tagged by X community,

2) R1 and R2 will always prefer their DC prefixes received via iBGP over the same prefixes received via OSPF - better iBGP AD,

3) In a case of R1 WAN line failure, it will use the path via R2 to connect to the WAN - WAN prefixes received via OSPF.

Best regards,

Milan

pille1234 · ‎07-01-2013

Gotcha! Works like a charm, thank you very much Milan.